Hi Michael,

running it manually works (both add and delete), I can see this in active-responses.log:

Tue 09/23/2014 15:12:36.43 c:\Program Files (x86)\ossec-agent\active-response\bin\route-null.cmd ADD - 3.3.3.3
Tue 09/23/2014 15:13:35.74 c:\Program Files (x86)\ossec-agent\active-response\bin\route-null.cmd delete - 3.3.3.3

When I run it remotely, I don't see anything in either active-responses.log or ossec.log.

When I run some non-existing command remotely:

./agent_control -b 1.1.1.1 -f blabla -u 034
OSSEC HIDS agent_control: Running active response 'blabla' on: 034

I see an error message in the agent's ossec.log:

2014/09/23 15:17:19 ossec-execd(1311): ERROR: Invalid command name 'blabla' provided.

Jan

On Tue, Sep 23, 2014 at 4:53 PM, Michael Starks <[email protected]> wrote:

> On 2014-09-23 9:12, Jan Andrasko wrote:
>
>> Hi Michael,
>>
>> I tried the script you sent, but no change. Trying it on Win2008R2 and
>> Win2012 DC Edition, agents and server are version 2.8.1. No message in
>> ossec.log, even with debug turned on. Remote restart however works
>> fine. Any idea what could be wrong?
>>
>> Brgds
>> Jan
>>
>
> What happens when you run it manually from an elevated prompt?
>
> --
>
> ---
> You received this message because you are subscribed to the Google
> Groups "ossec-list" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
